a first course in information security nancy smithfield computer science and it department austin...
Post on 25-Dec-2015
217 Views
Preview:
TRANSCRIPT
A First Course in Information Security
Nancy Smithfield
Computer Science and IT Department
Austin Peay State University
smithfieldn@apsu.edu
www.apsu.edu/smithfieldn
Presentation Outline Introduction Define Information Security Principles of Information Security Course
Prerequisites Objectives Sample Topics Sample Assignments Lab Activities Group Project
Resources Future Directions
Introduction Securing Data on Networks and
Computer Systems Malware Attacks Operating System Vulnerabilities Application Software Vulnerabilities Identity Theft Data Theft Botnet Hijackings Cyberterrorism
Introduction
Information Security Problems Industry Government Academe Other Organizations Online User
Privacy legislation Organizations Have Legal Responsibilities
• Protect Information• Disclose Privacy Policies • Report Breaches
Introduction Higher Education Addresses Security Education
Master’s programs in information security areas Undergraduate concentrations Specific security courses Security topics within existing courses
Computer Science and IT Department at APSU Two Courses in Security
• Principles of Information Security• Focus of this paper
• Network Security • Has prerequisite Data Communications and Networking
Incorporate Security Topics in Existing Courses
Definition of Information Security
Information Security is the protection of information assets as well as the hardware and systems that store, transmit and process the information from unauthorized acquisition, modification, damage, disclosure, or loss of use.
Course Prerequisites Computer literacy course, or Programming course such as CS1
Includes introductory topics• computer hardware• OS • networks
Permission of instructor Note: Students of all majors can take this class
• need introductory topics hardware, OS, networks
At APSU the class is numbered CSCI 3200 and is required of Information Systems, Internet and Web, and Database Concentration students
Course Objectives
Understand information security issues and practices Understand techniques to identify and prioritize
information assets Be aware of vulnerabilities and strategies for securing
networked computer systems in a global environment Identify tools and technology for combating threats to
information assets Describe legal implications of security and privacy issues Understand risk management Understand the development of an information security
policy and architecture
Course Sample Topics
History of Information Security
Information characteristics that must be protected
Security terminology Threat and attack
analysis Legal issues Risk management Security Planning
Defense through management, operational and technology controls
Specific security technology such as malware detectors, firewalls, IDS, and spam filters
Cryptography and hash functions
Personal, Physical, Desktop, Network, Internet and Enterprise Security
Assignments
~ 70% of the assignments based on understanding content of two text books Submitting written answers to questions Taking online practice quizzes In-class student led discussions on topics
~ 30 % of assignments based on Security news topics Security awareness Investigation of NIST security documents
Sample Security News Topic Assignment
In 2006 a laptop with sensitive VA information was reported stolen. Over 20 million veterans were affected.
Every year over 700,000 laptops are stolen in the U.S. Assignment - Investigate Laptop Security
• Write about securing the actual laptop and the data it contains with existing hardware and software tools
• What are the advantages and disadvantages of encrypting data on laptops?
• What security tools and services are available to find missing laptops such as cyberangel? Describe how they work.
Sample Security Awareness Assignment
October - cyber security awareness month Each student was given a security protection hot-
topic to investigate. Two to three students were given the same topic but it was not a group project.
Assignment - Create an illustrated one page poster on the topic.
Sample topics (strong passwords, protection against phishing, social engineering, protection against viruses, protecting software copyright)
Posters were used to create a cyber awareness display
Sample Lab Activities
Sample active learning during 3 to 4 labs at class times Running a Password cracker (dictionary and
brute force attacks) Windows security settings including firewall
and browser settings Running antispyware software (Windows
Defender, SpySweeper, Ad-Aware) Running a web site detector Spoofstick Managing Windows updates, disabling
Windows services, managing windows accounts
Group Project
Students divided into 3 person groups Each group - different research topic Write an 8-10 page paper Prepare and give group presentation Sample topics (viruses, spyware,
phishing, security settings in browsers, intrusion detection and prevention systems)
Example Project: Security Settings in Browsers
Research security features available in three popular browsers, one of which must be IE .
Explain each of the security settings/configurations and list pros and cons for each setting.
Include possible settings for cookies, Java and ActiveX controls.
List security features of IE7. Prepare a chart comparing and contrasting the
browsers.
Course Resources
Textbooks Principles of Information Security Second
Editionby Whitman and MattfordISBN : 0-619-21625-5
Security Awareness: Applying Practical Security in Your World by Ciampa ISBN: 1-4188-0969-1
Course Resources Computer Security Resource Center of National
Institute for Standards and Technology (http://csrc.nist.gov) Glossary of terms Free Special Publications such as:
• SP 800-12 An Introduction to Computer Security• SP 800-14 Best Practices and Security Principles • SP 800- 26 Self Assessment Guide for IT Systems• SP 800-30 Risk Management• SP 800-100 Information Security Handbook for
Managers
Course Resources United States Computer Emergency Readiness
Team http://www.us-cert.gov/reading_room/
Internet Storm Center Presentations http://isc.sans.org/presentations/index.php
Educause Web Site on CyberSecurity Awareness Month with links to projects at many higher education siteshttp://www.educause.edu/content.asp?page_id=7479&bhcp=1
Course Resources Videos on cyber awareness
http://www.staysafeonline.org/basics/assemblyinabox.html
National Strategy to secure cyberspacehttp://www.whitehouse.gov/pcipb/
Kennesaw State’s Center for Information Security Education and Awarenesshttp://infosec.kennesaw.edu/
Current Security Topicshttp://searchsecurity.techtarget.com/
Lessons Learned - Future Directions Overwhelming amount of material for
course resources Security news - source of discussion topics Current course needs more active learning
Labs Security analysis of small businesses or
non-profit As part of course goals, promote security
awareness across the University
Questions?
top related